Effective Cybersecurity


In our experience, many organizations want to focus exclusively on their core business, their main mission, the activity which gives them their identity. This sounds like a good idea, but it is not, because no organization can afford to ignore all the other things that are required here in the 21st century.

The two aspects of running an organization that we see most often neglected are these:

  • Providing a safe working environment, free from sexual harassment etc.
  • Taking due care of private data--both yours and your customers' and partners'

It is easy to fall into the trap of saying that your core business is "the real work" and that the other stuff is unimportant and only there because outsiders require it. But hostile work environments cost money in turnover and loss of talent while ineffective cybersecurity exposes you to risk of loss of money and reputation.

Both of these areas share an apparent lack of importance, especially in the short term. But this illusion is brittle: you can stagger along without them, until you can't, and then it is too late to do much about it.

When organizations shortchange these goals, the managers are rarely foolish enough to simply ignore them. Instead they pay lip service and engage in performative but meaningless activities such as annoying posters in the break room and annual mandatory on-line security training, whether you need it or not.

Safe working environments are important--and good for long-term productivity--but they are not where Pythia Cyber has its focus. We focus on the second one, which is part of effective cybersecurity.

How do you know if your organization is taking cybersecurity seriously? You know because effective cybersecurity programs are proven, by which we mean backed by evidence that you understand. Proof leads to feedback and feedback leads to improvement and improvement leads to confidence. So another way to know if your organization has effective cybersecurity is to ask yourself this question: how confident are you that your organization has effective cybersecurity?

We are not talking about blind faith, the kind bolstered by theatrics and based on just about nothing. We are talking about confidence, a true sense that good things are happening and that bad things are not happening.

How often is your organization attacked in the cyber realm? What kinds of attacks are currently common? How well does your team do in preventing and thwarting these attacks? What kinds of system failures has your organization dealt with? Floods? Power outages? Hardware failures or upgrades?

Good systems administration is mostly invisible because you don't notice the outages that don't happen. But good cybersecurity is more visible because you are part of it, no matter what position you hold in the organization. Cybersecurity is part of everyone's job.

If you are a member of the rank-and-file but you know what is expected of you and you have proof that someone notices when you don't do your part, then you have effective cybersecurity.

If you are a member of senior management and you have proof that your most important cyber assets are being protected and that the protection is monitored and that failures are detected, corrected, responded to and recovered from, then you have effective cybersecurity.

If you are a member of the cybersecurity team and you know senior management's priorities and you know your procedures and you generate evidence of your good work and you detect problems quickly and correct problems quickly, then you have effective cybersecurity.

So, uh, what if you DON'T have effective cybersecurity?

We Can Help

We have experts in technology and in behavior and these different experts work together to help your company develop a culture of working together. If you see yourself in the above scenarios then it is time to schedule a meeting.
